apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: ks-apigateway
    tier: backend
    version: {{ ks_version }}
  name: ks-apigateway
  namespace: kubesphere-system
spec:
{% if master_num is defined and master_num != "0" %}
  replicas: {{ master_num }}
{% else %}
  replicas: 1
{% endif %}
  selector:
    matchLabels:
      app: ks-apigateway
      tier: backend
      version: {{ ks_version }}
  template:
    metadata:
      labels:
        app: ks-apigateway
        tier: backend
        version: {{ ks_version }}
    spec:
      containers:
      - command:
        - /bin/sh
        - -c
        - export KUBESPHERE_TOKEN=`cat /var/run/secrets/kubernetes.io/serviceaccount/token` && ks-apigateway --conf=/etc/caddy/Caddyfile --log=stderr
        env:
        - name: JWT_SECRET
          valueFrom:
            secretKeyRef:
              key: jwt-secret
              name: ks-account-secret
        image: {{ ks_apigateway_repo }}:{{ ks_apigateway_tag }}
        imagePullPolicy: {{ ks_image_pull_policy }}
        name: ks-apigateway
        ports:
        # apiserver
        - containerPort: 2018
          protocol: TCP
        resources:
          limits:
            cpu: {{ ks_apigateway_cpu_limit }}
            memory: {{ ks_apigateway_memory_limit }}
          requests:
            cpu: {{ ks_apigateway_cpu_requests }}
            memory: {{ ks_apigateway_memory_requests }}
        volumeMounts:
        - mountPath: /etc/caddy
          name: caddyfile
        - mountPath: /etc/kubesphere
          name: kubesphere-config
      serviceAccount: kubesphere
      serviceAccountName: kubesphere
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
        - key: CriticalAddonsOnly
          operator: Exists
        - effect: NoExecute
          key: node.kubernetes.io/not-ready
          operator: Exists
          tolerationSeconds: 60
        - effect: NoExecute
          key: node.kubernetes.io/unreachable
          operator: Exists
          tolerationSeconds: 60
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            preference:
              matchExpressions:
              - key: node-role.kubernetes.io/master
                operator: In
                values:
                - ""
{% if master_num is defined and master_num != "1" %}
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - topologyKey: kubernetes.io/hostname
            labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values:
                - ks-apigateway
            namespaces:
            - kubesphere-system
{% endif %}
      volumes:
      - configMap:
          defaultMode: 420
          name: caddyfile
        name: caddyfile
      - configMap:
          defaultMode: 420
          name: kubesphere-config
        name: kubesphere-config

---

apiVersion: v1
kind: Service
metadata:
  labels:
    app: ks-apigateway
    tier: backend
    version: {{ ks_version }}
  name: ks-apigateway
  namespace: kubesphere-system
spec:
  ports:
  - name: 80-2018
    port: 80
    protocol: TCP
    targetPort: 2018
  selector:
    app: ks-apigateway
    tier: backend
    version: {{ ks_version }}
  type: ClusterIP